Luxembourg data watchdog investigates Skype NSA co-operation

Skype, owned by Microsoft since 2011, was one of the first offenders named by wistleblower Edward Snowden when he started to leak documents showing collusion between large US technology firms, and the secretive US spying agency the NSA (with Microsoft itself being the first such company to fully start cooperating with the NSA’s PRISM program back in 2007).

The thing is though, Skype itself is not headquartered in the US, but in the diminutive European country of Luxembourg (known for its rather… ahem … loose … tax laws), and now Luxembourg’s data protection minister Gerard Lommel is investigating the internet chat program company over breaches in European and national data protection laws.

In a country whose constitution enshrines the right to privacy, and which states that secrecy of correspondence is ‘inviolable’ (unless given judicial approval or authorised by a special tribunal chosen by the prime minister), such breaches could result in criminal proceeding and sanctions (such as a ban on passing users’ data on to the NSA).

It is however, unclear whether the spying and transfer of data to the NSA may have been secretly authorised by the government in an agreement that Mr Lommel was not party to.

Skype’s cooperation with the NSA and its PRISM program

According to a Guardian newspaper report, based on evidence released by Mr Snowden, the NSA first demanded access to Skype communications in February 2011, when Skype was served with a directive to comply with NSA surveillance signed by the US attorney general, and apparently it only took a few days before the NSA reported successfully listening in on a Skype call.

When Microsoft acquired Skype in May 2011, this collaboration intensified,

‘…nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism’.

Since the revelations became public, Microsoft has pushed to be allowed greater transparency with regards to US government requests for private data, but as Grégoire Pouget, an information security expert at Reporters Without Borders states,

‘It is what many of us feared, and now we know for sure. If you are a journalist working on issues that could interest the US government or some of their allies, you should not use Skype.’

We at BestVPN strongly recommend that readers who do not wish to be eavesdropped on by the NSA ditch Skype, and instead use a secure IM and/or VoIP client such as Jitsi, RedPhone or Pidgin+OTR.